23

Well, it all started when I wanted to take the SIM card out of my tablet and I was about to shut it down so that I could take the SIM card out. But then a thought raced through my mind, "What if I take out the SIM card before I turn off the tablet and go to Google and see whether I can still search for something?"

So I quickly took out the SIM card and I typed a word in the browser I have never searched for before (I checked my history to confirm) and... It loaded and displayed a webpage! I clicked on a website very quickly and it also began to load. It was almost through, but before it fully opened the tablet quickly turned itself off.

This proves a theory I once had: SIM cards are identified on their individual operator networks using the IMSI. Mobile network operators connect mobile phone calls and communicate with their market SIM cards using their IMSIs using a certain format. (Actually that's the factual part, not the theory part I was talking about.)

(Now the theory part) That IMSI format that is stored in the SIM card is accessed by the phone as it transmits that data using a radio link to a cellular network. Now as the device sends this data it stores the same data along with the encryption key of the SIM card in its RAM. Since the device here is the middle guy, he can store the information being transferred without the SIM card or the carrier. Meaning when the device obtains the encryption key it stores it in its RAM as it passes it to the mobile operator requesting access and authentication, and once the mobile is granted access to the operator's network it stores the encryption key because the encryption key is used to encrypt all further communications between the device and the network, hence having no need for the SIM card anymore. Which explains why when I removed my SIM card from the device I was able to surf the net. But as a security procedure (one that worked terribly slowly, allowing me to surf the net for a brief period of time) the tablet turned itself off, and since it was stored in the RAM, once it turns off the information is lost. But isn't this a great security concern?

What if someone made a program that overrides the device's settings, allowing the stored information to be continually used without having the SIM card?

Basically what I'm asking is, isn't it a great security concern for devices to function this way?

RoraΖ
Jeffry
  • 7
    It's the same security concern as an ATM machine accepting your PIN number only once and does not require you to enter your PIN again for each network action you initiate. Or it's the same security concern as an ssh session accepting your username/password (or certificate) once on establishing connection and doesn't require you to enter your username/password for every packet it transmits. In other words, its acceptable. – slebetman Aug 19 '15 at 02:13
  • 1
    With an ATM credit card you have the physical location of the ATM and CCTV monitoring usually to reduce this risk. Modern ATM cards and Credit Cards ("Chip & PIN") also implement similar smart card technology to that used in SIM-cards. With regards to the username/password combo in SSH any secure internet-facing system will usually insist on certificates. – robert Aug 19 '15 at 09:23
  • "isn't it a great security concern for devices to function this way?" Sure, cause I regularly take the sim card out of my phone, while leaving it on an open, then proceed to turn my back while whistling loudly. – NPSF3000 Aug 19 '15 at 11:43
  • OP's concern I believe was an attacker cloning his SIM. – robert Aug 19 '15 at 12:43

3 Answers

46

As you found out, a SIM card is only required for initializing a connection to the mobile carrier and is not required anymore until the device loses the connection and needs to reconnect (which happens very frequently with mobile devices when you move them around). Your device might power down when the SIM card is removed, but there is no good reason why it must do that.

But cloning a SIM card is not as easy as you think. Every SIM card stores a unique Authentication Key which is only known to the network carrier. This key cannot be read through normal means. During the connection process, the carrier sends a random number to the device. The SIM card then uses a cryptographic function which takes that random number and the authentication key as inputs and outputs a new number based on these. This function happens inside the SIM card, not on the device, so the device never processes the authentication key. That number is then sent to the network carrier. The same happens on the carrier's side, and when the numbers don't match the connection attempt is aborted.

The calculation is (relatively) cryptographically secure, so it is not (easily) possible to reverse-engineer the authentication key from observing which random number gets which response from the SIM card. It has some vulnerabilities, though.

Philipp
  • Wasn't there already a trick to make the communication between the cell and the mobile without encryption? Then you could see the random number and the computed result. Or is this just my bad memory? – ott-- Aug 18 '15 at 17:39
  • 7
    @ott how does seeing the challenge and response help you? – Neil Smithline Aug 18 '15 at 18:33
  • 2
    "until the device loses the connection and needs to reconnect." I think that's a very important point of your answer. I think it's likely that the connection needs to be refreshed after a while, and at the very least when switching to a different cell. So, the most you can do is use the device for some time, before the session times out. – Silly Freak Aug 18 '15 at 21:36
  • 1
    @ott seeing the number and the computed result won't help you much, because at the next connection attempt you will get a different number and you can't tell which response the carrier expects because you don't know the authentication key. – Philipp Aug 19 '15 at 08:06
  • @Philipp Assume that I pretend to be the provider who sends random numbers and check the response. – ott-- Aug 19 '15 at 09:19
  • @ott When you try to spoof a base station, that's a completely different situation which has little to do with the initial question. I would recommend you to open a new question about this (if searching for "IMSI catcher" doesn't give you any satisfying results). – Philipp Aug 19 '15 at 09:20
12

The thing to bear in mind about a SIM card is that it is not just a dumb storage device (like a magnetic strip on the classical credit card, or a flash device). It is a "Smart Card" that is basically like a small computer (externally powered, with no I/O other than the copper contacts). Each SIM card is different, and as you point out it has your IMSI and encryption keys, but these are not the only variations.

The SIM card actually implements a set of algorithms known as A3, A5 and A8. A3 and A8 are used for subscriber authentication and A5 is used for ciphering the actual traffic. When authenticating the A3 and A8 algorithms are "queried" and a computation performed which is sent to the network, which also has the capability to reproduce these calculations (in conjunction with copies of this private data in the Authentication Centre). If both parties produce the same result then you are considered authenticated and the result is fed into A5 to produce your ciphering key.

The algorithms may (should) be different between operators (e.g. Vodafone vs Sprint vs Rogers). In earlier versions of the standard it was expected that operators should provide their own algorithms, but more recently the "Milenage" algorithms are standard (and open) but have hidden parameters burned into each SIM (per operator, per subscriber) which individualise them and make them "impossible" to crack.

So what you are seeing here is that your initial authentication by way of A3 and A8 has succeeded, and A8 has been used to generate your ciphering key, which is stored in memory. What happens next is down to network policy, but typically authentication is a periodic activity (could be 30 seconds, every 3 minutes, could be 30) and once this happens if your device can't access the An algorithms it won't be able to either authenticate or generate the new ciphering keys required.

It is also likely that once you use the SIM card on another device your session on the first will be invalidated.

I'd imagine it would be "possible" to copy a SIM card, but it would not be as trivial as cloning. You'd have to actually open it up without damaging it (a feat in itself) and then somehow read the individuation parameters off it, again not something you could do without specialist equipment.

Oh, and I should also mention that as of 3G the AKA scheme also brings "state" into the equation, so that each time you authenticate, a register in your SIM card (and in the Authentication Centre) gets updated to a new (matching) pseudo-random number, so even if you do manage to clone the SIM, you'll also have to do it in the time before the next authentication occurs and your state register falls behind ...

So best of Luck!

robert
  • In your "_So what you are seeing here_" paragraph, should the second reference to `A8` be `A5`? (Not vital to the answer, but...) – TripeHound Aug 19 '15 at 15:45
  • Thanks .. eh .. I think it's A3 and A8 that are used here for authentication, but A5 is used for the actual live data-ciphering ... just going from memory mind so painting broad strokes ;) – robert Aug 19 '15 at 15:52
  • I don't know the detail myself: I was just going from what you describe in the 2nd paragraph: "_and A5 is used for generating a ciphering key_". – TripeHound Aug 19 '15 at 16:07
  • Oh right got ya - made a mistake on the 2nd - I've updated it now, thanks! – robert Aug 19 '15 at 16:15
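As an added example (not part of the question or of either answer above), here is a small Python model of the exchange the two answers describe: a SIM that holds Ki and only ever answers challenges, an Authentication Centre that holds the same Ki, and a device that relays RAND and keeps nothing but the derived session key. It covers the GSM RAND/SRES/Kc challenge-response from Philipp's answer (why the tablet kept working for a moment with the card pulled, and why it cannot re-attach) and the 3G AKA network-authentication and sequence-number checks from robert's answer. Assumptions: the keyed function `f` is HMAC-SHA256 standing in for the operator-secret A3/A8 and for Milenage, not the real algorithms; the IMSI, Ki, AMF value and the `Sim`/`AuC`/`Device` class names are constructed for the example; and the SQN check is the simplified "must exceed the last accepted value", not the full 3GPP acceptance window.

```python
import hashlib
import hmac
import secrets

IMSI = "001010123456789"  # constructed value in the 001/01 test MCC/MNC range

def f(ki: bytes, label: bytes, *parts: bytes) -> bytes:
    """Keyed PRF standing in for the operator-secret A3/A8 and Milenage f1..f5.
    Assumption: NOT a real 3GPP algorithm; it only models 'output depends on Ki'."""
    return hmac.new(ki, label + b"".join(parts), hashlib.sha256).digest()

class Sim:
    """The smart card: Ki never leaves this object; it only answers challenges."""
    def __init__(self, imsi: str, ki: bytes, sqn: int = 0):
        self.imsi, self._ki, self.sqn = imsi, ki, sqn  # sqn: 3G AKA freshness state
    def gsm_run(self, rand: bytes):
        # GSM: A3 -> SRES (sent to the network), A8 -> Kc (traffic cipher key)
        return f(self._ki, b"A3", rand)[:4], f(self._ki, b"A8", rand)[:8]

    def umts_run(self, rand: bytes, autn: bytes):
        # 3G AKA: AUTN = (SQN xor AK) || AMF || MAC. The card authenticates the
        # network (MAC) and checks freshness (SQN) before returning RES and CK.
        ak = f(self._ki, b"f5", rand)[:6]
        sqn_bytes = bytes(a ^ b for a, b in zip(autn[:6], ak))
        amf, mac = autn[6:8], autn[8:16]
        if not hmac.compare_digest(mac, f(self._ki, b"f1", rand, sqn_bytes, amf)[:8]):
            raise ValueError("MAC failure: challenge not from my home network")
        sqn = int.from_bytes(sqn_bytes, "big")
        if sqn <= self.sqn:
            raise ValueError("SQN failure: stale or replayed challenge")
        self.sqn = sqn
        return f(self._ki, b"f2", rand)[:8], f(self._ki, b"f3", rand)[:16]

class AuC:
    """Authentication Centre: the network's copy of Ki and SQN for each IMSI."""
    def __init__(self, imsi: str, ki: bytes):
        self._subs = {imsi: {"ki": ki, "sqn": 0}}
    def gsm_triplet(self, imsi: str):
        ki, rand = self._subs[imsi]["ki"], secrets.token_bytes(16)
        return rand, f(ki, b"A3", rand)[:4], f(ki, b"A8", rand)[:8]

    def umts_vector(self, imsi: str):
        rec = self._subs[imsi]
        rec["sqn"] += 1
        ki, sqn_bytes, amf = rec["ki"], rec["sqn"].to_bytes(6, "big"), b"\x80\x00"
        rand = secrets.token_bytes(16)
        ak = f(ki, b"f5", rand)[:6]
        mac = f(ki, b"f1", rand, sqn_bytes, amf)[:8]
        autn = bytes(a ^ b for a, b in zip(sqn_bytes, ak)) + amf + mac
        return rand, autn, f(ki, b"f2", rand)[:8]

class Device:
    """The tablet: relays RAND to the card and keeps only the session key in RAM."""
    def __init__(self, sim):
        self.sim, self.kc = sim, None
    def attach_gsm(self, auc: AuC) -> bool:
        if self.sim is None:
            return False  # no card, nothing can answer a fresh challenge
        rand, xres, _ = auc.gsm_triplet(self.sim.imsi)
        sres, kc = self.sim.gsm_run(rand)
        if not hmac.compare_digest(sres, xres):
            return False
        self.kc = kc  # the only secret the device ever holds
        return True

def fresh_network():
    ki = secrets.token_bytes(16)
    return AuC(IMSI, ki), Sim(IMSI, ki)

def scenario_sim_removed():
    """The question's experiment: attach, pull the card, keep Kc, fail to re-attach."""
    auc, sim = fresh_network()
    dev = Device(sim)
    attached = dev.attach_gsm(auc)
    dev.sim = None
    return attached, dev.kc is not None, dev.attach_gsm(auc)

def scenario_sniffed_pairs():
    """Three sniffed (RAND, SRES) pairs do not answer the next, fresh RAND."""
    auc, sim = fresh_network()
    seen = {r: sim.gsm_run(r)[0] for r in (auc.gsm_triplet(IMSI)[0] for _ in range(3))}
    rand, xres, _ = auc.gsm_triplet(IMSI)
    return seen.get(rand) == xres

def scenario_aka():
    """3G AKA: genuine vector accepted; replayed and forged AUTN both refused."""
    auc, sim = fresh_network()
    rand, autn, xres = auc.umts_vector(IMSI)
    res, _ = sim.umts_run(rand, autn)
    outcomes = [hmac.compare_digest(res, xres)]
    for r, a in ((rand, autn), (secrets.token_bytes(16), secrets.token_bytes(16))):
        try:
            sim.umts_run(r, a)
            outcomes.append(True)
        except ValueError:
            outcomes.append(False)
    return tuple(outcomes)
```

`scenario_sim_removed()` returns `(True, True, False)`: the attach succeeds, Kc is still in the device after the card is gone, and the next attach fails because nothing can answer a new RAND. `scenario_sniffed_pairs()` is `False`: recorded challenge/response pairs are useless against a fresh 128-bit RAND. `scenario_aka()` returns `(True, False, False)`: the card accepts the genuine vector, refuses the same vector replayed (SQN not greater than the one it stored), and refuses an AUTN built without Ki (MAC failure), which is what the 3G "state" and mutual authentication buy over the GSM exchange, including against the spoofed-base-station case raised in the comments.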
1

As correctly noted in previous answers, the encryption key is not supposed to ever leave the card (unless the NSA breaks into Gemalto again :). For the sake of completeness I'd like to note that you don't have to take those answers for granted - buy yourself a SIMtrace (it's relatively cheap), plug it between your device and a SIM card and read the entire communication between them in real time using Wireshark.

god